Re: OT: virus in list
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 Jun 2003 14:15:39 -0700
Here was my response to this kind of "auto-advisor" code today:
(his mail)
----- Original Message -----
From: "Postmaster" <postmaster@xxxxxxxxxxxxxxxxxxxxxx>
To: <postmaster@xxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 00:32
Subject: Your mail server sent us a virus
The Virus software on our mail server detected the W32/Sobig.C@mm virus
that appears to have come from your mail server. It was sent in
an attachment application.pif, from jim@xxxxxxxxxxxx to
kosmoski@xxxxxxxxxxxxxxxxxx,
with the subject "Re: Movie". The Message-ID was:
<20030605023254.SM01532@FREMIOT-PC>.
If your mail server had virus protection, it would have caused less work for
our server and would have likely prevented one of your users from getting a
virus in the first place!
(my response)
Hello,
Five points for you to ponder:
1. I've examined my mail server logs for the past week and no such mail ever
left my server.
2. I have server-based AV scanning and it has been catching Sobig for the
last week.
3. It's one of the attributes of Sobig that the source email addr is
spoofed.
4. If you examine the mail header and your own mail logs, you'll likely see
that regardless of the "source email address", the source IP is not mine.
5. If your automation was smarter, I wouldn't have to respond to inane
comments like "If your mail server had virus protection, it would have
caused less work for our server and would have likely prevented one of your
users from getting a virus in the first place!"
The fact is, if you used smarter virus response automation, I wouldn't have
to waste my time educating you.
Get a clue; they're free.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Dan Gabbard" <intellihome@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 05, 2003 12:47
Subject: [isalist] OT: virus in list
http://www.ISAserver.org
I just sent a reply to a post and then received an out-of-office reply that
had a virus attached, according to Norton AV. The virus came from
"NAVMSE-BRUMAIL@xxxxxxxxxxx" I think, not sure how Norton handle these. Has
this happened to anyone else on the list?
Dan
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
